All open roles

DevSecOps / Infrastructure Engineer

San Francisco, CaliforniaFull-time

As we take on more government and defense work, the security and integrity of our infrastructure becomes its own discipline — and we want someone who owns it rather than spreading it thin across the product engineers. The "sec" in this role is the point: you'll be responsible for how sensitive data moves, where it lives, and who can see it, so the rest of the team can focus on building.

What you'll do

  • Own our infrastructure and deployment pipeline — including deploying into containerized, customer-provided environments and on Azure.
  • Own the security posture for controlled and sensitive data: data transmission, storage, access control, key management, and who can and can't see what.
  • Drive our compliance program from identification into implementation — NIST controls (we're already tracking these in ControlMap), CMMC / SPRS, and recurring assessments like SOC 2 Type II.
  • Partner with leadership and IT on compliance requirements and timelines, and turn a backlog of controls into an ongoing, sustainable program that doesn't grind product velocity to a halt.
  • Take security concerns off the plates of full-stack and ML engineers so they can ship.

What we're looking for

  • U.S. citizenship (required). This role works with sensitive government Controlled Unclassified Information (CUI) and is subject to government contract requirements.
  • Strong DevOps / infrastructure background — CI/CD, cloud (Azure especially), containerized deployments, and infrastructure-as-code.
  • Hands-on security experience: access control, data segregation, secrets/key management, secure environments.
  • Experience implementing and maintaining compliance frameworks — NIST 800-171 / CMMC, SOC 2, or similar — not just reading them.
  • A pragmatic mindset about doing this well on a small team without over-building.

Nice to have

  • Direct defense or government contracting experience and familiarity with CUI handling.
  • CISO-adjacent experience defining data-access and data-residency policy.

Interested?

Tell us a bit about yourself and why this role fits. We read every application.

Apply by Email